Half-Open

Wireshark Network Vulnerability Analysis: Port Scanning, Reverse TCP, and Cache Poisoning

/ Miguel Antonio Bigueur / Leave a comment
Wireshark

5 Minutes

This purpose of this document is to examine the results of several Wireshark captures. Areas to be explored are the exploit type, impact of the exploit, vulnerability type, and any other relevant information. In order for network administrators, penetration testers, or any other type of security experts to combat cyber crimes, it’s critical that they know how to use the same tools that the criminals do. Wireshark is instrumental in helping security professionals dissect intersected communications to formulate new security policies and put new safeguards in place. This experiment will be conducted on a 2009 Mac Pro running OS X Yosemite 10.10.4. Kali Linux will be used to exploit Metasploitable 2 both of which are running inside of Parallels 10 virtual machines.

Continue reading

Mitigating DoS and DDoS: Effective Security Measures

/ Miguel Antonio Bigueur / Leave a comment

Radware

7 Minutes

Denial of Service (DoS) is a common attack method used to flood network connections with the intention to render the network server unusable. DoS attacks are typically motivated by retaliation, perhaps from a fired employee or various other reasons, including social hacktivism or cyber terrorism. Most DoS attacks target web servers by overwhelming them with SYN requests faster than the server can respond to them. DoS attacks can barrage a server by depriving it of other critical resources such as CPU, memory, and bandwidth possibly leading to a system crash.

Distributed Denial of Service (DDoS) is an advanced form of Denial of Service that employs the use of many computers located anywhere around the world where there is an Internet connection. “Malware” running on a computer is what gives the attacker remote control of the computer. When a computer is controlled in this way it is referred to as a “Zombie”. Armies of Zombie computers form what is called a “Botnet”, a large network of centrally controlled computers to perform an action, which can be malicious in nature or for valid reasons, as is the case with The Search for Extraterrestrial Intelligence (SETI), a government scientific organization.

Users of malicious Zombie computers are unaware of the control-taking place behind the scenes because the botnet malware usually masquerades itself as valid processes or it can stay hidden deep within the system undetected.

Continue reading